Firewall Wizards mailing list archives

Re: Firewalls Compared


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 02 Jul 2004 12:56:18 -0400

Devdas Bhagat wrote:
> Which is just wrong. If this is valid, then we as a group need to stop
> and take a long look at what we are getting for our money.
> We *NEED* to make people^Wvendors understand that doing the "whack a
> mole" thing will not work.

You're absolutely right. Whack a mole does not work.

The whack a mole approach is the inevitable result of
the customer's fervent (but fruitless) desire to have their
cake and eat it too - they want to do something that
is basically dangerous but convenient. Whack a mole
is the expression of the degree to which organizations
are willing to expose themselves to risk. More profoundly,
the fact that patch slapping and whack a mole are the
accepted norm for security is THE indicator of how
much organizations truly value being secure. Not very.

"Being Secure" brings us back to default deny, tight policies,
minimized services, etc, etc.  "I told you so" in other words. ;)
"Having one's cake and eating it too" brings us patch
slapping, whack a mole, and signature-based intrusion
prevention systems that try to shoot down new known
vulnerabilities as fast as they are seen. I think that it's
stupid, but, well, 150 billion flies can't all be wrong...

mjr. 
